CoRBAC – context-oriented role based access control

Henryk Krawczyk, Paweł Lubomski


A generalized model of the access control to web-based service-oriented e-university system is proposed. Different kind of context and its impact on the security model and architecture is defined. In consequence the implementation of such an architecture is presented for e-university system based on specialized services. The benefits of such a solution have been pre-estimated


security; context; RBAC model; access control; services

Full Text:

PDF (Polski)


Politechnika Gdańska: Moja PG.

Oracle: Java Enterprise Edition.

OWASP Testing Guide v3.

Benantar M.: Access Control Systems. Security, Identity Management and Trust Models. Springer-Verlag, 2006.

Lund M. S., Solhaung B., Stolen K.: Evolution in relation to risk and trust management. IEEE Computer, May 2010, p. 49-55.

Craig W. T., Dale R. T.: Identity Management. IEEE Internet Computing, IEEE Computer Society, May/June 2007, p. 82-85.

Cuppens F., Cuppens-Boulahia N.: Modeling contextual security policies. International Journal of Information Security, Vol. 7, Springer-Verlag, July 2008.

Maamar Z., Benslimane D., Narendra N. C.: What can Context do for Web Services? Communications of the ACM, December 2006, p. 98-103.

Krawczyk H., Lubomski P.: Generalized access control in hierarchical computer network. Zeszyty naukowe Wydziału Elektroniki, Telekomunikacji i Informatyki Politechniki Gdańskiej, tom 18, 2010, s. 217-222.

Payne S.C.: A Guide to Security Metrics. SANS Security Essentials GSEC Practical Assignment Version 1.2e, July 2006.

Hauser J.R., Katz G. M.: Metrics: you are what you measure! European Management Journal, April 1998, p. 517-528.

Hinson G.: Seven myths about information secuirty metrics. ISSA Journal, July 2006.

Feng X., Jun X., Hao H., Li X.: Context-Aware Role-Based Access Control Model for Web Services. Grid and Cooperative Computing – GCC 2004 Workshops SE – 54. Springer Berlin Heidelberg, Vol. 3252, 2004, p. 430-436.

Haibo S., Fan H.: A context-aware role-based access control model for Web services. IEEE International Conference on e-Business Engineering (ICEBE’05), 2005, p. 220-223.

Bhatti, R., Bertino, E., & Ghafoor, A.: A Trust-Based Context-Aware Access Control Model for Web-Services. Distributed and Parallel Databases, Springer US, Vol. 18(1), 2005, p. 83-105.

Woo J.W., Hwang M.J., Lee C.G., Youn H.Y.: Dynamic Role-Based Access Control with Trust-Satisfaction and Reputation for Multi-agent System. 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops, p. 1121-1126.

Damián-Reyes P., Favela J., Contreras-Castillo J.: Uncertainty Management in Context-Aware Applications: Increasing Usability and User Trust. Wireless Personal Communications, Vol. 56(1), 2009, p. 37-53.

Kulkarni D., Tripathi A.: Context-Aware Role-based Access Control in Pervasive Computing Systems. SACMAT’08, 2008.